forked from cors-errors/cors-errors.github.io
-
Notifications
You must be signed in to change notification settings - Fork 0
/
header-checker.html
95 lines (94 loc) · 2.89 KB
/
header-checker.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
---
layout: page
title: CORS Header Checker
permalink: /header-checker
css-class: header-checker
---
<h1>CORS Header Checker</h1>
<p>
This tool will check the headers for a CORS request and attempt to determine whether they are set correctly.
</p>
<p>
It is recommended that you use either <strong>Chrome</strong> or <strong>Firefox</strong> to copy the headers, even
if you’re only having problems in other browsers.
</p>
<p>
You can suggest improvements or report bugs via
<a href="{{ site.repository }}/issues" class="external" target="_blank">GitHub</a>.
</p>
<section>
<div class="flex-row">
<div class="number-circle" id="number-1">1</div>
<div class="rh-col-wrap">
<h4>Request headers:</h4>
<p>
Find the request in the <strong>Network</strong> section of your browser’s developer tools. Right-click on the
request and copy the <strong>Request</strong> headers. Paste them into the box below.
</p>
<p>
<em>Example:</em>
</p>
<pre><code>OPTIONS /api-path HTTP/1.1
Host: localhost:3000
Access-Control-Request-Method: POST
Origin: http://localhost:8080</code></pre>
</div>
</div>
<div class="flex-row">
<div class="marker" id="request-marker"></div>
<div class="rh-col-wrap">
<textarea id="request"></textarea>
<div id="request-errors" class="error"></div>
</div>
</div>
<hr>
<div class="flex-row">
<div class="number-circle" id="number-2">2</div>
<div class="rh-col-wrap">
<h4>Response headers:</h4>
<p>
Right-click again on the same request but this time copy the <strong>Response</strong> headers. Paste them
into the box below.
</p>
<p>
<em>Example:</em>
</p>
<pre><code>HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://localhost:8080</code></pre>
</div>
</div>
<div class="flex-row">
<div class="marker" id="response-marker"></div>
<div class="rh-col-wrap">
<textarea id="response"></textarea>
<div id="response-errors" class="error"></div>
</div>
</div>
<hr>
<div class="flex-row">
<div class="number-circle" id="number-3">3</div>
<div class="rh-col-wrap">
<h4>withCredentials / credentials = "include":</h4>
<p>
If you’re setting the <code>withCredentials</code> flag on the request then check the box below. If you aren’t
sure, leave it unchecked.
</p>
<div>
<input id="with-credentials" type="checkbox">
<label for="with-credentials">withCredentials / credentials = "include"</label>
</div>
</div>
</div>
<hr>
<p>
Once you’ve completed all three steps you can view the analysis in the next section.
</p>
</section>
<section id="report">
<h3>Request Analysis</h3>
<div id="request-out"></div>
<hr>
<h3>Response Analysis</h3>
<div id="response-out"></div>
</section>
<script src="/js/header-checker.js"></script>